Deep cleaning a spyware infected computer

Q. I have a Lenovo computer that is running Windows XP service pack 3. As I boot up the computer I get the error message “Rundll: Error Loading C:\windows\idoroyuyevev.dll The specified module could not be found.” It is my understanding that this dll file is probably looking for a file that has been deleted and that the missing file was probably a malware file. Windows is trying to load this file but cannot locate it since the file was removed. Some associated orphaned startup parameter or registry entry remains and is telling Windows to load the file when we boot up. As an aside, this is my daughter’s college computer and she tells me it did get an infection that she removed. Unfortunately, I have no information on this malware.

A. You are correct in that an orphaned startup item is reaching out and looking for a file called idoroyuyevev.dll in an attempt to load something when your computer starts up. You are also correct in assuming that this is, more than likely, the result of a botched malware infection as the file idoroyuyevev.dll does not seem to correspond to any legitimate application I can find.

When malware tries to install on a computer, there are times when it will fail or only install portions of the package. There are also instances when anti-malware or anti-virus software will detect an intrusion but only manage to partially remove the infection, leaving the system trying to load something malicious which, fortunately, is no longer on the computer.

The problem is that something like this can be very hard to run down. You could use something like MSCONFIG in an attempt to isolate what is starting up on the computer that doesn’t belong. Or you could even use a more advanced startup analysis tool like Runscanner, but this can often be somewhat overwhelming if you are a computer novice.

When it comes to this kind of issue, I find scanning the problem computer with multiple anti-spyware tools to be the most effective method of troubleshooting. This is because no single anti-spyware tool seems to detect or defend against all the malware threats out in the wild.

I recommend running Malwarebytes first. Let it scan the system completely and then reboot. After you’ve done that, try hitting your computer with Combofix, which may seem a little intimidating in its own right but is really very straightforward and digs in deep to find malicious software. The instructions in the previous link do a very good job of explaining how to use the tool.

If after using these tools you still see a problem, try taking a whack at it with Hitman Pro. This tool is one of my favorites and has, on more than one occasion, detected problems that went completely unnoticed by the other anti-spyware tools. Hitman Pro is not free, but it does offer a fully functional 30 day trial.

By giving your system a good spyware scrubbing you will very likely remove all traces of any infestation and get your system back to a good running state.

That being said, I would like to offer one caution. Any computer that has been infected with a virus or spyware has a very real chance of crashing and crashing hard, especially when you try to dig out the infection. If your computer is severely infected you may find yourself in a position of having to completely reinstall your operating system and all of your software. Be sure you have good and current backups of all of your important data.
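
For readers who want to track down the orphaned startup item by hand, the following added example (not from the original column or from any of the tools it names) parses text shaped like `reg query` output for the Run keys and reports rundll32 entries whose DLL no longer exists. The sample registry text, the value names and the `sample_exists` helper are constructed for illustration; the Run keys are only one of several places Windows loads startup items from.

```python
import re

# Constructed sample shaped like `reg query <key>` output. The value name
# "Qxazuvoh" and the example_tray.dll entry are made up; the DLL path is the
# one from the error message above.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SynTPEnh    REG_SZ    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    TrayHelper    REG_SZ    rundll32.exe C:\WINDOWS\system32\example_tray.dll,Init
    Qxazuvoh    REG_SZ    rundll32.exe "C:\windows\idoroyuyevev.dll",Startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed stand-in for the disk: files that "exist" in this sample.
PRESENT = {r"c:\windows\system32\example_tray.dll"}

VALUE_RE = re.compile(r"^\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")
# Pulls the DLL path out of: rundll32[.exe] ["]<path>["],<entry point>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+?)"?\s*(?:,|$)', re.I)


def orphaned_rundll_entries(reg_text, exists):
    """Return (key, value name, dll path) for rundll32 entries whose DLL is gone."""
    findings, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        value = VALUE_RE.match(line)
        if not value:
            continue
        name, command = value.groups()
        target = RUNDLL_RE.search(command)
        if target and not exists(target.group(1).strip()):
            findings.append((key, name, target.group(1).strip()))
    return findings


def sample_exists(path):
    # Windows paths are case-insensitive; on a real machine pass os.path.exists.
    return path.lower() in PRESENT


if __name__ == "__main__":
    for key, name, dll in orphaned_rundll_entries(SAMPLE_REG_QUERY, sample_exists):
        print(f"Orphaned startup value {name!r} in {key} -> {dll}")
```

A flagged value is a candidate for review, not automatic deletion; export the key as a backup before removing anything.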